sec:authorize无法生效原因是springsecurity4支持2.0.9以下的springboot,高版本需要改成springsecurity5
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>
页面引入也改为springsecurity5
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity5"
sec:authorize改成sec:authorize
<div sec:authorize="!isAuthenticated()">
<a th:href="@{/toLogin}">登录</a>
</div>
<div sec:authorize="isAuthenticated()">
<a th:href="@{/logout}">退出</a>
</div>